34 lines
1.1 KiB
Ruby
34 lines
1.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Gitlab
|
|
module RequestForgeryProtectionPatch
|
|
private
|
|
|
|
# Patch to generate 6.0.3 tokens so that we do not have CSRF errors while
|
|
# rolling out 6.0.3.1. This enables GitLab to have a mix of 6.0.3 and
|
|
# 6.0.3.1 Rails servers
|
|
#
|
|
# 1. Deploy this patch with :global_csrf_token FF disabled.
|
|
# 2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF.
|
|
# 3. On GitLab 13.2, remove this patch
|
|
def masked_authenticity_token(session, form_options: {})
|
|
action, method = form_options.values_at(:action, :method)
|
|
|
|
raw_token = if per_form_csrf_tokens && action && method
|
|
action_path = normalize_action_path(action)
|
|
per_form_csrf_token(session, action_path, method)
|
|
else
|
|
if Feature.enabled?(:global_csrf_token)
|
|
global_csrf_token(session)
|
|
else
|
|
real_csrf_token(session)
|
|
end
|
|
end
|
|
|
|
mask_token(raw_token)
|
|
end
|
|
end
|
|
end
|
|
|
|
ActionController::Base.include Gitlab::RequestForgeryProtectionPatch
|